Except, it's a totally non-scalable approach. People have vulnerabilities all over their sites which they don't realize. Some examples:
django-taggit (an application I wrote for handling tags) parses tags out an input, it stores these in a set to check for duplicates. It's vulnerable.
Another site I'm writing accepts JSON POSTs, you can put arbitrary keys in the JSON. It's vulnerable.